Vilifying Visa

January 18, 2009 at 4:29 am (PT) in Rants/Raves, Usability

After submitting a credit card purchase at Newegg, I was greeted with a “Verified by Visa” webpage:
Verified by Visa screenshot

This page is idiotic.

  • I was directed to this page without any warning.
  • The page uses the domain verifiedbyvisa.com, not visa.com. A tip to financial institutions trying to thwart phishing scams: pick one domain name and stick with it. People are going to be directed to this page automatically, so the address does not need to be memorable or even human-readable. Using other domain names is confusing and looks suspicious, and if users become accustomed to it, it opens the door for phishers to use their own, look-alike domains (such as, say, verifiedbyvisacard.com, which is available as I write this).
  • For goodness’ sake, register your security certificate properly and completely. “Run by (unknown)” is not reassuring, nor is being verified by “Thawte Consulting”. (I’m sure Thawte Consulting is a big name in the security certificate space, but are they as recognizable as VeriSign? Besides, VeriSign acquired them 10 years ago. Again, pick one name and stick with it.)
  • The page provides me with none of my basic, personal information so that I can have some assurance of whom I’m dealing with. Verification is a two-way street. Continuing to ignore this makes phishing easier.
  • The page outright lies to me. The button says, “Sign up to complete purchase”, but Newegg already emailed me my purchase confirmation. I shouldn’t have to say this, but lying does not build up trust. Duh.

Tags:

Newer: People are strange
Older: Memorable Massachusetts milestones

No Comments Yet »

RSS feed for comments on this post.

Leave a comment

(will never be displayed)


Allowed HTML tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>